Security Quest #12: Privacy

Facebook caused an uproar over the past week with their new Beacon advertising service. Being the last human not to have a Facebook account, I didn’t follow the story too much at first, but then it became hard to ignore. At the very least it was a public relations disaster for Facebook, although I suspect it won’t really affect their membership numbers. Ars Technica has a pretty good summary that includes the changes Facebook made in response to the outcry. But it appears Facebook may still have a ways to go: PC World reports that Beacon tracks non-Facebook users and logged-off Facebook users. It appears nobody at Facebook talked to their users; they implemented Beacon without really explaining what it meant before it kicked in.

I find it interesting that Google most definitely has as much info about users but tries to keep a low profile. When there’s an uproar about Google it’s about what they might do with the data. With Facebook it’s about what they were actually doing with the data. Google pulls us in slowly; Facebook wanted Beacon to overwhelm us.

Also in the privacy arena, the November 22nd Security Now podcast talked about third-party cookies, specifically PayPal’s routing of links through Doubleclick to get around browsers that reject third-party cookies. As the podcast mentions, this could give the Doubleclick advertising service access to information about you. I don’t use PayPal a lot, and while I don’t like what they do I won’t use it any less. I use PayPal when a credit card isn’t accepted or I don’t want to give a website my credit card number, so it would remain my preferred, if reluctant, choice. It may get me to go through the hassle of using a one-time credit card number my bank offers.
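As an added illustration (not from the podcast and not PayPal’s or Doubleclick’s own code), the following constructed Python model of a browser cookie jar shows why blocking third-party cookies refuses a Doubleclick pixel embedded in a page but accepts the same cookie when a link bounces through Doubleclick’s own domain as a top-level redirect. The hostnames, URLs and cookie values are made up for the example, and the site matching is simplified to the last two host labels.

```python
"""Toy model of a browser cookie jar with third-party cookie blocking.
Constructed example: embedded pixel vs. top-level redirect hop."""
from dataclasses import dataclass, field
from urllib.parse import urlparse

def site_of(url: str) -> str:
    """Registrable site, simplified to the last two host labels (assumption)."""
    return ".".join(urlparse(url).hostname.split(".")[-2:])

@dataclass
class CookieJar:
    block_third_party: bool = True
    cookies: dict = field(default_factory=dict)  # site -> {name: value}

    def set_cookie(self, response_url, top_level_url, name, value) -> bool:
        """Store the cookie unless it arrives in a third-party context."""
        site = site_of(response_url)
        if self.block_third_party and site != site_of(top_level_url):
            return False  # response site differs from the page the user is on
        self.cookies.setdefault(site, {})[name] = value
        return True

def embedded_tracker(jar: CookieJar) -> bool:
    # Ad pixel loaded inside a paypal page: the response comes from doubleclick
    # while the top-level site is paypal, so the cookie is third-party.
    return jar.set_cookie("https://ad.doubleclick.net/pixel.gif",
                          "https://www.paypal.com/home", "id", "u-42")

def redirected_link(jar: CookieJar, chain) -> list:
    """Follow a top-level redirect chain; every hop is its own first party."""
    results = []
    for url, cookie in chain:
        if cookie:
            results.append((site_of(url), jar.set_cookie(url, url, *cookie)))
    return results

# Constructed chain: paypal link -> doubleclick redirector -> paypal destination
CHAIN = [
    ("https://www.paypal.com/go?to=help", None),
    ("https://ad.doubleclick.net/clk?dest=https://www.paypal.com/help", ("id", "u-42")),
    ("https://www.paypal.com/help", None),
]

if __name__ == "__main__":
    jar = CookieJar()
    print("embedded pixel stored:", embedded_tracker(jar))      # False
    print("redirect hops stored:", redirected_link(jar, CHAIN))  # [('doubleclick.net', True)]
```

The same blocking setting refuses the pixel and accepts the redirect hop, which is the gap the podcast describes PayPal’s links exploiting.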

Software Vulnerabilities

Symantec is reporting that an active exploit is in the wild for a QuickTime vulnerability that was first reported last week. From the article:

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called “Downloader.” Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as “very low” risk.